PT-2018-6588 · Kliqqi · Kliqqi-Cms

Published: 2018-04-22 · Updated: 2018-05-24 · CVE-2017-17889

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Kliqqi CMS version 3.5.2
Description: The issue allows for XSS attacks through crafted input in specific fields. This can be achieved by using a crafted group name in pligg/groups.php, a crafted Homepage string in a user's profile, or a crafted string in the Tags or Description fields within pligg/submit.php.
Recommendations: For Kliqqi CMS version 3.5.2, consider restricting user input in the mentioned fields to minimize the risk of exploitation. As a temporary workaround, restrict access to the pligg/groups.php and pligg/submit.php files until a patch is available. Avoid using crafted strings in the Tags, Description, or Homepage fields until the issue is resolved.

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers

CVE-2017-17889

Affected products

Kliqqi-Cms